Log Insight 2.5 and 3.0 cannot establish connection to remote TLSv1.1 or TLSv1.2 servers (2144162)

Symptoms

  • VMware vRealize Log Insight 2.5 and 3.0 cannot establish secure connections to remote TLSv1.1 or TLSv1.2 servers.

  • Connections from Log Insight to VMware vRealize Operations fail. In the /storage/var/loginsight/runtime.log or /storage/var/loginsight/ui_runtime.log file, you see entries similar to:

    [thread/10.x.x.x ERROR] [com.vmware.loginsight.vcopssuite.VcopsSuiteApiRequest] [failed to post resource to vRealize Operations Manager]
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake


  • Connections from Log Insight to VMware vCenter Server fail. In the /storage/var/loginsight/runtime.log or /storage/var/loginsight/ui_runtime.log file, you see entries similar to:

    [thread/10.x.x.x ERROR] [com.vmware.loginsight.vsphere.client.VimClient] [Exception while consuming connection: com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]

Resolution

VMware vRealize Log Insight 2.5 and 3.0 support connections to remote TLS v1.0 servers out of the box. However, additional configuration is required to enable support for TLS v1.1 and TLS v1.2.

To enable outbound connections to TLS v1.1 and TLS v1.2 servers, modify two shell scripts on each vRealize Log Insight cluster node:

  1. Open a console or SSH connection to the vRealize Log Insight appliance and log in as root.

  2. Modify the configuration for the UI service.

    1. Change to the apache-tomcat-version/bin directory.

      For Log Insight 3.0: cd /usr/lib/loginsight/application/3rd_party/apache-tomcat-7.0.57/bin/
      For Log Insight 2.5: cd /usr/lib/loginsight/application/3rd_party/apache-tomcat-6.0.36/bin/

    2. Create the setenv.sh file using a text editor. The file may not exist. For more information, see Editing files using vi or nano (1020302).

    3. Append the line:

      export CATALINA_OPTS="$CATALINA_OPTS -Dhttps.protocols=TLSv1.1,TLSv1.2 -Ddeployment.security.TLSv1=false"

    4. Save and close the file.

  3. Modify the configuration for the background daemon service.

    1. Open the file /etc/default/loginsight using a text editor. The file may not exist. For more information, see Editing files using vi or nano (1020302).

    2. Append the line:

      STRATA_JAVA_OPTS="$STRATA_JAVA_OPTS -Dhttps.protocols=TLSv1.1,TLSv1.2 -Ddeployment.security.TLSv1=false"

    3. Save the file.

  4. Restart the loginsight service using the command:

    service loginsight restart
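
The edits from steps 2 and 3, scripted so they can be repeated on every cluster node without appending the line twice. This is an added example, not VMware's code; the function names and the ROOT prefix argument (use / on a real node, or a copied directory tree to try it first) are assumptions.

```shell
#!/bin/sh
# Added example: idempotent form of the manual edits in steps 2 and 3.
# ROOT is an assumed prefix argument; the paths and flags come from the article.

TLS_FLAGS='-Dhttps.protocols=TLSv1.1,TLSv1.2 -Ddeployment.security.TLSv1=false'

# ensure_line FILE LINE: append LINE unless an identical line is already there.
# Creates FILE if it does not exist (the article notes it may not).
ensure_line() {
    file=$1; line=$2
    if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$file"
}

# tomcat_bin VERSION: print the Tomcat bin directory listed for that release.
tomcat_bin() {
    base=usr/lib/loginsight/application/3rd_party
    case $1 in
        3.0) echo "$base/apache-tomcat-7.0.57/bin" ;;
        2.5) echo "$base/apache-tomcat-6.0.36/bin" ;;
        *)   return 1 ;;
    esac
}

# apply_tls_opts ROOT VERSION: make both edits; does not restart the service.
apply_tls_opts() {
    root=${1%/}
    bin=$(tomcat_bin "$2") || { echo "unsupported version: $2" >&2; return 1; }
    [ -d "$root/$bin" ] || { echo "missing $root/$bin" >&2; return 1; }
    [ -d "$root/etc/default" ] || { echo "missing $root/etc/default" >&2; return 1; }
    # \$ keeps the variable reference literal in the written file.
    ensure_line "$root/$bin/setenv.sh" \
        "export CATALINA_OPTS=\"\$CATALINA_OPTS $TLS_FLAGS\"" || return 1
    ensure_line "$root/etc/default/loginsight" \
        "STRATA_JAVA_OPTS=\"\$STRATA_JAVA_OPTS $TLS_FLAGS\"" || return 1
}

# count_tls_lines FILE: number of lines in FILE that carry the protocol flag.
count_tls_lines() {
    grep -cF -- '-Dhttps.protocols=TLSv1.1,TLSv1.2' "$1"
}
```

On a node, `apply_tls_opts / 3.0` followed by `service loginsight restart` corresponds to steps 2 through 4; `count_tls_lines` should report 1 for each file however many times the function has been run.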
